cli/operation/MetadataOperation.java

0001 /**
0002  * Licensed to the Apache Software Foundation (ASF) under one
0003  * or more contributor license agreements.  See the NOTICE file
0004  * distributed with this work for additional information
0005  * regarding copyright ownership.  The ASF licenses this file
0006  * to you under the Apache License, Version 2.0 (the
0007  * "License"); you may not use this file except in compliance
0008  * with the License.  You may obtain a copy of the License at
0009  *
0010  *     http://www.apache.org/licenses/LICENSE-2.0
0011  *
0012  * Unless required by applicable law or agreed to in writing, software
0013  * distributed under the License is distributed on an "AS IS" BASIS,
0014  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0015  * See the License for the specific language governing permissions and
0016  * limitations under the License.
0017  */
0018
0019 package org.apache.hive.service.cli.operation;
0020
0021 import java.util.List;
0022
0023 import org.apache.hadoop.hive.conf.HiveConf;
0024 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
0025 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
0026 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
0027 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
0028 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
0029 import org.apache.hadoop.hive.ql.session.SessionState;
0030 import org.apache.hive.service.cli.HiveSQLException;
0031 import org.apache.hive.service.cli.OperationState;
0032 import org.apache.hive.service.cli.OperationType;
0033 import org.apache.hive.service.cli.TableSchema;
0034 import org.apache.hive.service.cli.session.HiveSession;
0035
0036 /**
0037  * MetadataOperation.
0038  *
0039  */
0040 public abstract class MetadataOperation extends Operation {
0041
0042   protected static final String DEFAULT_HIVE_CATALOG = "";
0043   protected static TableSchema RESULT_SET_SCHEMA;
0044   private static final char SEARCH_STRING_ESCAPE = '\\';
0045
0046   protected MetadataOperation(HiveSession parentSession, OperationType opType) {
0047     super(parentSession, opType, false);
0048     setHasResultSet(true);
0049   }
0050
0051
0052   /* (non-Javadoc)
0053    * @see org.apache.hive.service.cli.Operation#close()
0054    */
0055   @Override
0056   public void close() throws HiveSQLException {
0057     setState(OperationState.CLOSED);
0058     cleanupOperationLog();
0059   }
0060
0061   /**
0062    * Convert wildchars and escape sequence from JDBC format to datanucleous/regex
0063    */
0064   protected String convertIdentifierPattern(final String pattern, boolean datanucleusFormat) {
0065     if (pattern == null) {
0066       return convertPattern("%", true);
0067     } else {
0068       return convertPattern(pattern, datanucleusFormat);
0069     }
0070   }
0071
0072   /**
0073    * Convert wildchars and escape sequence of schema pattern from JDBC format to datanucleous/regex
0074    * The schema pattern treats empty string also as wildchar
0075    */
0076   protected String convertSchemaPattern(final String pattern) {
0077     if ((pattern == null) || pattern.isEmpty()) {
0078       return convertPattern("%", true);
0079     } else {
0080       return convertPattern(pattern, true);
0081     }
0082   }
0083
0084   /**
0085    * Convert a pattern containing JDBC catalog search wildcards into
0086    * Java regex patterns.
0087    *
0088    * @param pattern input which may contain '%' or '_' wildcard characters, or
0089    * these characters escaped using {@link #getSearchStringEscape()}.
0090    * @return replace %/_ with regex search characters, also handle escaped
0091    * characters.
0092    *
0093    * The datanucleus module expects the wildchar as '*'. The columns search on the
0094    * other hand is done locally inside the hive code and that requires the regex wildchar
0095    * format '.*'  This is driven by the datanucleusFormat flag.
0096    */
0097   private String convertPattern(final String pattern, boolean datanucleusFormat) {
0098     String wStr;
0099     if (datanucleusFormat) {
0100       wStr = "*";
0101     } else {
0102       wStr = ".*";
0103     }
0104     return pattern
0105         .replaceAll("([^\\\\])%", "$1" + wStr).replaceAll("\\\\%", "%").replaceAll("^%", wStr)
0106         .replaceAll("([^\\\\])_", "$1.").replaceAll("\\\\_", "_").replaceAll("^_", ".");
0107   }
0108
0109   protected boolean isAuthV2Enabled(){
0110     SessionState ss = SessionState.get();
0111     return (ss.isAuthorizationModeV2() &&
0112         HiveConf.getBoolVar(ss.getConf(), HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED));
0113   }
0114
0115   protected void authorizeMetaGets(HiveOperationType opType, List<HivePrivilegeObject> inpObjs)
0116       throws HiveSQLException {
0117     authorizeMetaGets(opType, inpObjs, null);
0118   }
0119
0120   protected void authorizeMetaGets(HiveOperationType opType, List<HivePrivilegeObject> inpObjs,
0121       String cmdString) throws HiveSQLException {
0122     SessionState ss = SessionState.get();
0123     HiveAuthzContext.Builder ctxBuilder = new HiveAuthzContext.Builder();
0124     ctxBuilder.setUserIpAddress(ss.getUserIpAddress());
0125     ctxBuilder.setCommandString(cmdString);
0126     try {
0127       ss.getAuthorizerV2().checkPrivileges(opType, inpObjs, null,
0128           ctxBuilder.build());
0129     } catch (HiveAuthzPluginException | HiveAccessControlException e) {
0130       throw new HiveSQLException(e.getMessage(), e);
0131     }
0132   }
0133
0134 }